China denies cyber spy network charges

A network used to attack computers worldwide appears to be based in the country

China on Tuesday denied suggestions it could be involved in a cyberespionage ring that attacked computers worldwide from servers mostly based in the country.

GhostNet, a network that affected 1,295 computers in more than 100 countries through malware and social engineering, was described in a study last weekend by the SecDev Group's Information Warfare Monitor and the Munk Center for International Studies at the University of Toronto.

"Some people in foreign countries are keen to make up rumors about so-called Chinese Internet spies," foreign ministry spokesman Qin Gang said at a briefing Tuesday. "Their statements are entirely fabricated."

China opposes hacking and other attacks on computer networks, Qin said.

Attackers used GhostNet to steal documents from targets including international institutions and foreign ministries of other countries, according to the report. The attackers gained full access to affected computers, including control of attached microphones and Web cams that could have been used to monitor nearby activity.

The report drew attention to cybercrime in China at a time when observers say it is growing. GhostNet's highly targeted attacks against foreign government networks are unique, but its scale is tiny and its malware code outdated compared to other recent attacks, analysts say.

A simple online search can reveal the source code for GhostNet's unsophisticated malicious software, said Zhao Wei, CEO of Knownsec, a Beijing security firm. Much more advanced -- and more common in China -- are mass attacks with "zero days," or previously unknown software bugs, Zhao said.

Sophisticated attacks can hit millions of computers. Researchers at Zhao's firm found 4 million computers infected in a single day during one recent attack.

China had 298 million Internet users at the end of last year, the most in any country, according to the country's domain registry center.

Bank accounts and online game passwords are popular targets for attackers in China. Items like armor and weapons stolen from game accounts are often sold back to other players for real-world cash.

The attackers can make themselves hard to catch by stealing small amounts from many different people, Zhao said. An attacker might, for example, break into a huge number of bank accounts but steal just 10 yuan (US$1.47) from each, an amount victims are unlikely to report. That makes collecting evidence difficult for police, as does the need for cooperation across districts if the attacker and victims are in different places, Zhao said.

China passed its first regulations protecting the public from cyber data theft last month. The revisions to the country's criminal law ban digital theft of information from any computer, lowering the bar from old rules that banned intrusions into government-supported networks. The new law also prohibits designing programs to help attackers invade or gain control over other computers.

The law's protection from data theft extends to overseas computers like those attacked by GhostNet, said Pi Yong, a law professor at Wuhan University.

But implementing the law could be difficult even in purely domestic cases. Chinese courts in remote areas may be unsure how to handle electronic evidence, Pi said.

China also remains a convenient routing point for attackers from other countries, who can hide their location by using a Chinese IP (Internet Protocol) address.

Registering a Chinese domain is cheap and hassle-free, giving attackers an easy way to spread malware, said Konstantin Sapronov, head of the Kaspersky virus lab in China.

Blocked domains are easily replaced, he said.

"If it will be blocked, it doesn't matter. You can use another, and you can buy a lot of these," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags cybercrimeespionage

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Owen Fletcher

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?